Heartbleed Scanners Found to be Lacking
To add further insult to injury for end users, FireEye found that apps that claim to scan for the Heartbleed flaw on Android, for the most part, don't really work. Looking at 17 different apps that claim to scan for Heartbleed, FireEye found that 11 of them did not scan apps for the Heartbleed flaw.
Going a level deeper, of the six that did scan for Heartbleed, two did not correctly identify apps that were in fact vulnerable to Heartbleed.
"Only two of them did a decent check on Heartbleed vulnerability of apps," FireEye researchers noted in a blog post. "We've also seen several fake Heartbleed detectors in the 17 apps, which don't perform real detections nor display detection results to users and only serve as adware."
While the risk to Android apps is nontrivial and should be taken seriously, attacks against Android apps are not happening—yet.
"We haven't observed active exploits yet, but given the scale, it's important for Android users to be aware of the ongoing threat," Xue said.